The Sourcefire Defense Center (DC) is being overloaded by the calls from Splunk and crashing the DC GUI.
I believe there has to be a configuration on the client for the request interval OR a configuration that would force the client to wait until the previous session closes before sending any request.
The reason the client is making multiple requests for the same data is that there is a bookmark file on the client that holds the epoch/Unix timestamp of the last event received and normally gets updated when the session closes. On this box, the requests are referencing this bookmark file and could have identical "Since <timestamp>" until one of the requests gets processed and the session is closed. At that point the request that follows would pick up the new timestamp.
Regarding forcing the DC to limit the number of requests, the DC will always honour any legit request from the client and won't block or limit the number of requests the client can make. This is by design and can't be changed, as the request config is normally expected from the client side, while there is the option on the DC to set what event type to stream.
So, where is this configuration, or is there a fix? I am so close to getting Splunk to work with the DC. Help!!! Splunk Noob.
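
The "wait until the previous session closes" behaviour asked about above, as an added example that is not part of the original post and not code from the Splunk app or from Sourcefire. It assumes a POSIX client host; `poll_once`, `fetch_since`, the `.lock` file name and the sample events are hypothetical and constructed for illustration.

```python
import fcntl
import os
import tempfile

def read_bookmark(path):
    """Return the epoch timestamp of the last event received (0 if none yet)."""
    try:
        with open(path) as f:
            return int(f.read().strip() or 0)
    except FileNotFoundError:
        return 0

def poll_once(bookmark_path, fetch_since):
    """One request cycle. Returns the events, or None when skipped because
    a previous session is still open (hypothetical helper, not a Splunk API)."""
    lock_fd = os.open(bookmark_path + ".lock", os.O_CREAT | os.O_RDWR, 0o600)
    try:
        try:
            fcntl.flock(lock_fd, fcntl.LOCK_EX | fcntl.LOCK_NB)
        except BlockingIOError:
            return None  # do not send a second "Since <timestamp>" request
        since = read_bookmark(bookmark_path)
        events = fetch_since(since)
        if events:
            # Session finished: advance the bookmark atomically before unlocking.
            tmp = bookmark_path + ".tmp"
            with open(tmp, "w") as f:
                f.write(str(max(ts for ts, _ in events)))
            os.replace(tmp, bookmark_path)
        return events
    finally:
        os.close(lock_fd)  # closing the descriptor releases the lock

def demo():
    """Simulate a scheduled run firing while the first session is still open."""
    events_db = [(1700000100, "a"), (1700000200, "b"), (1700000300, "c")]  # constructed
    bookmark = os.path.join(tempfile.mkdtemp(), "bookmark")
    requests, overlapped = [], []

    def fetch(since):  # stand-in for the request sent to the DC
        requests.append(since)
        if not overlapped:
            overlapped.append(poll_once(bookmark, fetch))  # overlapping run
        return [e for e in events_db if e[0] > since]

    first = poll_once(bookmark, fetch)
    second = poll_once(bookmark, fetch)
    return first, overlapped[0], second, requests

if __name__ == "__main__":
    print(demo())
```

The overlapping run is skipped instead of repeating the same "Since" value, and the next run starts from the updated bookmark.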